More Web Proxy on the site http://driver.im/

research-article

Mitigating Electrical-level Attacks towards Secure Multi-Tenant FPGAs in the Cloud

Authors:

Jonas Krautter,

Dennis R. E. Gnad,

Mehdi B. TahooriAuthors Info & Claims

ACM Transactions on Reconfigurable Technology and Systems (TRETS), Volume 12, Issue 3

Article No.: 12, Pages 1 - 26

https://doi.org/10.1145/3328222

Published: 13 August 2019 Publication History

Abstract

A rising trend is the use of multi-tenant FPGAs, particularly in cloud environments, where partial access to the hardware is given to multiple third parties. This leads to new types of attacks in FPGAs, which operate not only on the logic level, but also on the electrical level through the common power delivery network. Since FPGAs are configured from the software-side, attackers are enabled to launch hardware attacks from software, impacting the security of an entire system. In this article, we show the first attempt of a countermeasure against attacks on the electrical level, which is based on a bitstream checking methodology. Bitstreams are translated back into flat technology mapped netlists, which are then checked for properties that indicate potential malicious runtime behavior of FPGA logic. Our approach can provide a metric of potential risk of the FPGA bitstream being used in active fault or passive side-channel attacks against other users of the FPGA fabric or the entire SoC platform.

References

[1]

Chipworks. 2014. Inside the Samsung Galaxy S5. Retrieved from: https://www.chipworks.com/ko/node/126.

[2]

iFixit. 2015. Pebble Time Teardown. Retrieved from: https://www.ifixit.com/Teardown/Pebble+Time+Teardown/42382.

[3]

Amazon Web Services (AWS). 2018. Amazon EC2 F1 Instances. Retrieved from: https://aws.amazon.com/ec2/instance-types/f1/.

[4]

LWN.net. 2018. FPGA Device Feature List (DFL) Device Drivers. Retrieved from: https://lwn.net/Articles/757283/.

[5]

Alibaba Cloud. 2018. Instance type families—Alibaba Cloud Documentation Center. Retrieved from: https://www.alibabacloud.com/help/doc-detail/25378.html.

[6]

OpenCores. 2018. OpenCores—The Reference Community for Free and Open Source Gateware IP cores. Retrieved from: https://opencores.org/.

[7]

Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2002. The EM side-channel(s). In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 29--45.

Digital Library

[8]

C. Albrecht. 2005. IWLS 2005 Benchmarks. Technical Report. Cadence Berkeley Labs.

[9]

Victor M. Alvarez. 2018. YARA—The pattern matching swiss knife for malware researchers. Retrieved from: http://virustotal.github.io/yara/.

[10]

Karim Arabi, Resve Saleh, and Xiongfei Meng. 2007. Power supply noise in SoCs: Metrics, management, and measurement. IEEE Des. Test. Comput. 24, 3 (Aug. 2007), 236--244.

Digital Library

[11]

Mathieu Bastian, Sebastien Heymann, and Mathieu Jacomy. 2009. Gephi: An Open Source Software for Exploring and Manipulating Networks. Retrieved from: https://www.aaai.org/ocs/index.php/ICWSM/09/paper/view/154.

[12]

C. Beckhoff, D. Koch, and J. Torresen. 2010. Short-circuits on FPGAs caused by partial runtime reconfiguration. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’10). IEEE, 596--601.

Digital Library

[13]

S. Bhunia, M. Abramovici, D. Agrawal, P. Bradley, M. S. Hsiao, J. Plusquellic, and M. Tehranipoor. 2013. Protection against hardware Trojan attacks: Towards a comprehensive solution. IEEE Des. Test 30, 3 (June 2013), 6--17.

[14]

Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults. In Proceedings of the International Conference on Advances in Cryptology (EUROCRYPT’97). Springer, 37--51.

Digital Library

[15]

F. Brglez, D. Bryan, and K. Kozminski. 1989. Combinational profiles of sequential benchmark circuits. In Proceedings of the IEEE International Symposium on Circuits and Systems. 1929--1934.

[16]

F. Brglez and H. Fujiwara. 1985. A neutral netlist of 10 combinational benchmark circuits and a target translator in Fortran. In Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS’85). IEEE Press, Piscataway, NJ, 677--692.

[17]

Stuart Byma, J. Gregory Steffan, Hadi Bannazadeh, Alberto Leon Garcia, and Paul Chow. 2014. FPGAs in the cloud: Booting virtualized hardware accelerators with OpenStack. In Proceedings of the International Conference on Field-Programmable Custom Computing Machines (FCCM’14). IEEE, 109--116.

Digital Library

[18]

Clifford Wolf and Mathias Lasser. 2015. Project IceStorm. Retrieved from: http://www.clifford.at/icestorm/.

[19]

Cobham Gaisler. 2019. LEON3 Processor. Retrieved from: https://www.gaisler.com/index.php/products/processors/leon3.

[20]

Jason Cong, Mohammad Ali Ghodrat, Michael Gill, Beayna Grigorian, and Glenn Reinman. 2012. Architecture support for accelerator-rich CMPs. In Proceedings of the Design Automation Conference (DAC’12). IEEE, 843--849.

Digital Library

[21]

D. Corbett. 2012. The Xilinx Isolation Design Flow for Fault-Tolerant Systems. Retrieved from: https://www.xilinx.com/support/documentation/white_papers/wp412_IDF_for_Fault_Tolerant_Sys.pdf.

[22]

F. Corno, M. S. Reorda, and G. Squillero. 2000. RT-level ITC’99 benchmarks and first ATPG results. IEEE Des. Test Comput. 17, 3 (July 2000), 44--53.

Digital Library

[23]

Alexander Czutro, Matthias Sauer, Ilia Polian, and Bernd Becker. 2012. Multi-conditional SAT-ATPG for power-droop testing. In Proceedings of the 17th IEEE European Test Symposium (ETS’12). IEEE.

[24]

S. Das, P. Whatmough, and D. Bull. 2015. Modeling and characterization of the system-level power delivery network for a dual-core ARM Cortex-A57 cluster in 28nm CMOS. In Proceedings of the International Symposium on Low Power Electronics and Design. 146--151.

[25]

Ken Eguro and Ramarathnam Venkatesan. 2012. FPGAs for trusted cloud computing. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’12). IEEE, 63--70.

[26]

Suhaib A. Fahmy, Kizheppatt Vipin, and Shanker Shreejith. 2015. Virtualized FPGA accelerators for efficient cloud computing. In Proceedings of the International Conference on Cloud Computing (CloudCom’15). IEEE, 430--435.

Digital Library

[27]

Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Matthias Wilhelm, Tobias Weidlich, Russell Tessier, and Christof Paar. 2018. HAL—The missing piece of the puzzle for hardware reverse engineering, Trojan detection and insertion. IEEE Trans. Depend. Secure Comput. 16, 3 (2018), 498--510.

[28]

Emden R. Gansner and Stephen C. North. 2000. An open graph visualization system and its applications to software engineering. Softw.—Pract. Exper. 30, 11 (2000), 1203--1233.

Digital Library

[29]

Ilias Giechaskiel, Kasper B. Rasmussen, and Ken Eguro. 2018. Leaky wires: Information leakage and covert communication between FPGA long wires. In Proceedings of the Asia Conference on Computer and Communications Security (ASIACCS’18). 15--27.

Digital Library

[30]

D. R. E. Gnad, F. Oboril, and M. B. Tahoori. 2017. Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’17). IEEE, 4--8.

[31]

D. R. E. Gnad, S. Rapp, J. Krautter, and M. B. Tahoori. 2018. Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In Proceedings of the International Conference on Field-Programmable Technology (FPT’18).

[32]

Ilija Hadžić, Sanjay Udani, and Jonathan M. Smith. 1999. FPGA viruses. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’99), Patrick Lysaght, James Irvine, and Reiner Hartenstein (Eds.). Springer, 291--300.

Digital Library

[33]

K. A. Hawick and H. A. James. 2008. Enumerating circuits and loops in graphs with self-arcs and multiple-arcs. In Proceedings of the International Conference on Foundations of Computer Science (FCS’08). CSREA, 14--20.

[34]

Ted Huffmire, Brett Brotherton, Gang Wang, Timothy Sherwood, Ryan Kastner, Timothy E. Levin, Thuy D. Nguyen, and Cynthia E. Irvine. 2007. Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In Proceedings of the Symposium on Security and Privacy (S8P’07). IEEE, 281--295.

Digital Library

[35]

Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the Conference on Advances in Cryptology (CRYPTO’99). Springer, 388--397.

[36]

J. Krautter, D. R. E. Gnad, and M. B. Tahoori. 2018. FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Trans. Crypto. Hardw. Embedd. Syst. 3 (2018).

[37]

Jason Luu, Nooruddin Ahmed, Kenneth B. Kent, Jason Anderson, Jonathan Rose, Vaughn Betz, Jeffrey Goeders, Michael Wainberg, Andrew Somerville, Thien Yu, Konstantin Nasartschuk, Miad Nasr, Sen Wang, and Tim Liu. 2014. VTR 7.0. ACM Trans. Reconfig. Technol. Syst. 7, 2 (July 2014), 1--30.

Digital Library

[38]

A. L. Masle and W. Luk. 2012. Detecting power attacks on reconfigurable hardware. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’12). IEEE, 14--19.

[39]

A. V. Mezhiba and E. G. Friedman. 2004. Scaling trends of on-chip power distribution noise. Trans. VLSI Syst. 12, 4 (Apr. 2004), 386--394.

Digital Library

[40]

Enys Mones, Lilla Vicsek, and Tamás Vicsek. 2012. Hierarchy measure for complex networks. PLoS ONE 7, 3 (Mar. 2012), e33799.

[41]

Tiago P. Peixoto. 2014. The graph-tool python library. figshare.

[42]

Chethan Ramesh, Shivukumar B. Patil, Siva Nishok Dhanuskodi, George Provelengios, Sebastien Pillement, Daniel Holcomb, and Russell Tessier. 2018. FPGA side channel attacks without physical access. In Proceedings of the International Symposium on Field-Programmable Custom Computing Machines.

[43]

Jonathan Rose, Jason Luu, Chi Wai Yu, Opal Densmore, Jeffrey Goeders, Andrew Somerville, Kenneth B. Kent, Peter Jamieson, and Jason Anderson. 2012. The VTR project. In Proceedings of the ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA’12). ACM Press.

Digital Library

[44]

F. Schellenberg, D. R. E. Gnad, A. Moradi, and M. B. Tahoori. 2018. An inside job: Remote power analysis attacks on FPGAs. In Proceedings of the Conference on Design, Automation 8 Test in Europe (DATE’18). IEEE.

[45]

Li Shang, Alireza S. Kaviani, and Kusuma Bathala. 2002. Dynamic power consumption in Virtex™-II FPGA family. In Proceedings of the 10th ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA’02). ACM Press.

Digital Library

[46]

SpinalHDL contributors. 2019. An FPGA Friendly 32 bit RISC-V CPU implementation. Retrieved from: https://github.com/SpinalHDL/VexRiscv.

[47]

Tilmann Stöhr, Markus Alt, Asmus Hetzel, and Jürgen Koehl. 1998. Analysis, reduction and avoidance of crosstalk on VLSI chips. In Proceedings of the International Symposium on Physical Design (ISPD’98). ACM, New York, NY, 211--218.

Digital Library

[48]

Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2017. CLKSCREW: Exposing the perils of security-oblivious energy management. In Proceedings of the USENIX Security Symposium.

Digital Library

[49]

M. Tehranipoor and F. Koushanfar. 2010. A survey of hardware Trojan taxonomy and detection. IEEE Des. Test. Comput. 27, 1 (Jan. 2010), 10--25.

Digital Library

[50]

Clifford Wolf. 2013. Yosys Open SYnthesis Suite. Retrieved from: http://www.clifford.at/yosys/.

[51]

Mark Zhao and G. Edward Suh. 2018. FPGA-based remote power side-channel attacks. In Proceedings of the Symposium on Security and Privacy (S8P’18). IEEE.

[52]

Kenneth M. Zick and John P. Hayes. 2012. Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Trans. Reconfig. Technol. Syst. 5, 1, Article 1 (Mar. 2012), 26 pages.

Digital Library

[53]

Kenneth M. Zick, Meeta Srivastav, Wei Zhang, and Matthew French. 2013. Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In Proceedings of the International Symposium on Field-Programmable Gate Arrays (FPGA’13). ACM, 101--104.

Digital Library

Cited By

Dofe JDanesh WMore VChaudhari A(2024)Natural Language Processing for Hardware Security: Case of Hardware Trojan Detection in FPGAsCryptography10.3390/cryptography80300368:3(36)Online publication date: 8-Aug-2024
https://doi.org/10.3390/cryptography8030036
Drewes CSheaves TWeng ORyan KHunter BMcCarty CKastner RRichmond D(2024)Turn on, Tune in, and Listen up: Maximizing Side-Channel Recovery in Cross-Platform Time-to-Digital ConvertersACM Transactions on Reconfigurable Technology and Systems10.1145/366609217:3(1-30)Online publication date: 7-Jun-2024
https://dl.acm.org/doi/10.1145/3666092
Trochatos TEtim ASzefer J(2024)Covert-channels in FPGA-enabled SmartSSDsACM Transactions on Reconfigurable Technology and Systems10.1145/363531217:2(1-23)Online publication date: 30-Apr-2024
https://dl.acm.org/doi/10.1145/3635312
Show More Cited By

Index Terms

Mitigating Electrical-level Attacks towards Secure Multi-Tenant FPGAs in the Cloud
1. Hardware
  1. Integrated circuits
    1. Reconfigurable logic and FPGAs
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

FPGADefender: Malicious Self-oscillator Scanning for Xilinx UltraScale + FPGAs

Sharing configuration bitstreams rather than netlists is a very desirable feature to protect IP or to share IP without longer CAD tool processing times. Furthermore, an increasing number of systems could hugely benefit from serving multiple users on the ...
Mitigating Voltage Attacks in Multi-Tenant FPGAs
Recent research has exposed a number of security issues related to the use of FPGAs in embedded system and cloud computing environments. Circuits that deliberately waste power can be carefully crafted by a malicious cloud FPGA user and deployed to cause ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Reconfigurable Technology and Systems

ACM Transactions on Reconfigurable Technology and Systems Volume 12, Issue 3

Special Section on Security in FPGAs and Regular Articles

September 2019

150 pages

ISSN:1936-7406

EISSN:1936-7414

DOI:10.1145/3357092

Editor:
Deming Chen
University of Illinois, Urbana-Champaign Urbana

Issue’s Table of Contents

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 August 2019

Accepted: 01 April 2019

Revised: 01 February 2019

Received: 01 October 2018

Published in TRETS Volume 12, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
671
Total Downloads

Downloads (Last 12 months)67
Downloads (Last 6 weeks)5

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dofe JDanesh WMore VChaudhari A(2024)Natural Language Processing for Hardware Security: Case of Hardware Trojan Detection in FPGAsCryptography10.3390/cryptography80300368:3(36)Online publication date: 8-Aug-2024
https://doi.org/10.3390/cryptography8030036
Drewes CSheaves TWeng ORyan KHunter BMcCarty CKastner RRichmond D(2024)Turn on, Tune in, and Listen up: Maximizing Side-Channel Recovery in Cross-Platform Time-to-Digital ConvertersACM Transactions on Reconfigurable Technology and Systems10.1145/366609217:3(1-30)Online publication date: 7-Jun-2024
https://dl.acm.org/doi/10.1145/3666092
Trochatos TEtim ASzefer J(2024)Covert-channels in FPGA-enabled SmartSSDsACM Transactions on Reconfigurable Technology and Systems10.1145/363531217:2(1-23)Online publication date: 30-Apr-2024
https://dl.acm.org/doi/10.1145/3635312
Albartus* NEnder* MMöller* JFyrbiak MPaar CTessier R(2024)On the Malicious Potential of Xilinx’s Internal Configuration Access Port (ICAP)ACM Transactions on Reconfigurable Technology and Systems10.1145/363320417:2(1-28)Online publication date: 30-Apr-2024
https://dl.acm.org/doi/10.1145/3633204
Nassar HKrautter JBauer LGnad DTahoori MHenkel J(2024)Meta-Scanner: Detecting Fault Attacks via Scanning FPGA Designs MetadataIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.344376943:11(3443-3454)Online publication date: Nov-2024
https://doi.org/10.1109/TCAD.2024.3443769
Dutto GLytikov DImmler V(2024)In-Situ FPGA Fault Injection with Short-Circuits2024 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE62042.2024.10792722(1-7)Online publication date: 12-Nov-2024
https://doi.org/10.1109/PAINE62042.2024.10792722
More VChaudhari APuli BVuppala VDofe JDanesh W(2024)Natural Language Processing Meets Hardware Trojan Detection: Automating Security of FPGAs2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI61997.2024.00151(775-778)Online publication date: 1-Jul-2024
https://doi.org/10.1109/ISVLSI61997.2024.00151
Alrahis LNassar HKrautter JGnad DBauer LHenkel JTahoori M(2024)MaliGNNoma: GNN-Based Malicious Circuit Classifier for Secure Cloud FPGAs2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545411(383-393)Online publication date: 6-May-2024
https://doi.org/10.1109/HOST55342.2024.10545411
Chaudhuri JChakrabarty K(2024)Detection of Stealthy Bitstreams in Cloud FPGAs using Graph Convolutional Networks*2024 IEEE European Test Symposium (ETS)10.1109/ETS61313.2024.10567821(1-6)Online publication date: 20-May-2024
https://doi.org/10.1109/ETS61313.2024.10567821
Aknesil CDubrova E(2024)Circuit Disguise: Detecting Malicious Circuits in Cloud FPGAs without IP Disclosure2024 27th Euromicro Conference on Digital System Design (DSD)10.1109/DSD64264.2024.00055(361-368)Online publication date: 28-Aug-2024
https://doi.org/10.1109/DSD64264.2024.00055
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents